The sort of hacking tools that can get into a phone include things like NSO Groups Pegasus malware. Generally speaking they’re exclusively sold to governments and not publicly sold or advertised.
There isn’t really a source where you can learn about them.
Cybersecurity research teams will occasionally discover and publish info on one. Sometimes as technical research and sometimes as corporate blogs.
But most of this sort of thing focuses on far more mundane threats.
Most anti-virus and cybersecurity firms I’ve seen have some sort of blog.
Malwarebytes seems to be referred to often. The company behind iVerify also has a good reputation. Places that publish news on cybersecurity are probably the next best thing.
One such article from iVerify.
Very few people are actively targeted by these sorts of threats and the sort of things you do to protect yourself from them are very different from usualy privacy and security advice.
Most people will only ever be subject to passive threats and surveilance that aren’t capable of doing significant harm if you don’t interact with them.
If you are targeted. Things like Google’s advanced protection program (requires two independent passkeys) and Samsung’s Auto Blocker start becoming recommendations.